Authentication 

Definition: the process of verifying the identity of a user.

Or: a technical action that prevents unauthorized people or unauthorized processes from
entering a computer system.


Authentication challenge 


Authentication Mechanism 

1) Something you know


2) Something you have


Types: memory token and smart token

Memory token 

Smart token 




• Physical characteristic 

Smart tokens that are not smart cards can look like a calculator, a key, or another small portable
object.

• Interface 

Either a manual or an electronic interface.


• Protocol used 


3) Something you are

Two categories: behavioral and physical.

Authentication Procedures: 

1) Two-party authentication scheme

2) Third-party authentication scheme

3) Public key authentication process 



Two-party authentication scheme

1. One-way authentication


2. Two way authentication 

Both parties authenticated to each other 


Inefficient technique 




Third-party authentication scheme


KERBEROS 

Two way third party authentication 

Symmetric key with Key distribution center (KDC) known as Kerberos server 

Kerberos information Exchange 

1) Client / authentication server exchange

2) Client / ticket granting server exchange

3) Client / application server exchange



Four entities are used in the Kerberos system 

1) Client workstation 


2) Authentication server (AS)


3) Ticket granting ticket (TG)


The ticket granting ticket contains: time stamp, TG's ID, lifetime value, session key.

4) Application server (AP)

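A toy run of the three Kerberos exchanges listed above, added here as an illustration (it is not from the original notes and not a real Kerberos implementation): the AS issues a ticket carrying the fields named in the notes (time stamp, server ID, lifetime value, session key), the TGS checks it and issues a service ticket, and the AP checks that before admitting the client. The `seal`/`open_sealed` helpers (a keyed HMAC) stand in for the symmetric encryption a real KDC uses, and all keys and names are constructed.

```python
import hashlib, hmac, json, secrets
# Constructed long-term keys: the client's comes from its password (something you know);
# the TGS and AP keys are shared only with the KDC.
CLIENT_KEY = hashlib.sha256(b"client-password").digest()
TGS_KEY = secrets.token_bytes(32)
AP_KEY = secrets.token_bytes(32)
def seal(key, payload):
    # Bind payload to key with an HMAC: a toy stand-in for the symmetric encryption a real KDC uses.
    body = json.dumps(payload, sort_keys=True)
    return {"body": body, "mac": hmac.new(key, body.encode(), hashlib.sha256).hexdigest()}
def open_sealed(key, sealed):
    # Reject anything not issued under `key` (wrong key or tampered body).
    mac = hmac.new(key, sealed["body"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac, sealed["mac"]):
        raise ValueError("ticket not issued under this key")
    return json.loads(sealed["body"])

def issue_ticket(server_key, client, server_id, lifetime, now):
    # Ticket fields from the notes: time stamp, server ID, lifetime value, session key.
    session_key = secrets.token_hex(16)
    ticket = {"client": client, "server": server_id, "timestamp": now,
              "lifetime": lifetime, "session_key": session_key}
    return seal(server_key, ticket), session_key

def check_ticket(server_key, sealed, authenticator, now):
    # Server side: open the ticket, enforce its lifetime, then verify the authenticator the
    # client sealed with the session key (proves the client could read the AS reply).
    t = open_sealed(server_key, sealed)
    if now > t["timestamp"] + t["lifetime"]:
        raise ValueError("ticket expired")
    a = open_sealed(bytes.fromhex(t["session_key"]), authenticator)
    if a["client"] != t["client"] or abs(now - a["timestamp"]) > 300:
        raise ValueError("authenticator does not match ticket")
    return t

def as_exchange(client, now):
    # 1) AS issues the TGT (sealed for the TGS) and the session key (sealed for the client).
    tgt, sk = issue_ticket(TGS_KEY, client, "TGS", 8 * 3600, now)
    return tgt, seal(CLIENT_KEY, {"session_key": sk})

def tgs_exchange(tgt, authenticator, now):
    # 2) TGS checks the TGT and issues a service ticket for the AP.
    t = check_ticket(TGS_KEY, tgt, authenticator, now)
    return issue_ticket(AP_KEY, t["client"], "AP", 3600, now)

def login(client, now):
    # Client side: run the three exchanges; 3) the AP check admits the client named in the ticket.
    tgt, reply = as_exchange(client, now)
    sk = bytes.fromhex(open_sealed(CLIENT_KEY, reply)["session_key"])
    st, sk2 = tgs_exchange(tgt, seal(sk, {"client": client, "timestamp": now}), now)
    return check_ticket(AP_KEY, st, seal(bytes.fromhex(sk2), {"client": client, "timestamp": now}), now)["client"]
```

Note that `check_ticket` rejects an expired ticket before it looks at the authenticator, so a replayed old TGT fails on the lifetime value alone.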

Public key authentication process 




